Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-32996 Incorrect Default Permissions vulnerability in Jenkins Saml Single Sign-On
A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.
network
low complexity
jenkins CWE-276
4.3
2023-05-16 CVE-2023-32999 Incorrect Default Permissions vulnerability in Jenkins Appspider
A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.
network
low complexity
jenkins CWE-276
4.3
2023-05-15 CVE-2023-21104 Incorrect Default Permissions vulnerability in Google Android 12.1/13.0
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed.
local
low complexity
google CWE-276
5.5
2023-05-15 CVE-2023-21107 Incorrect Default Permissions vulnerability in Google Android
In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check.
local
low complexity
google CWE-276
7.8
2023-05-10 CVE-2022-30338 Incorrect Default Permissions vulnerability in Intel Virtual Raid on CPU
Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-05-10 CVE-2022-33963 Incorrect Default Permissions vulnerability in Intel Unite
Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-05-10 CVE-2022-36391 Incorrect Default Permissions vulnerability in Intel NUC PRO Software Suite
Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-05-10 CVE-2022-40971 Incorrect Default Permissions vulnerability in Intel NUC Hdmi Firmware Update Tool 1.78.2.0.7
Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-05-10 CVE-2022-41687 Incorrect Default Permissions vulnerability in Intel NUC P14E Laptop Element 1.0.0.156
Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2023-05-10 CVE-2023-22440 Incorrect Default Permissions vulnerability in Intel Setup and Configuration Software
Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8